Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
Malicious package

@idms-corp/auth-uinpm

Malicious code in @idms-corp/auth-ui (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-10224
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall @idms-corp/auth-ui

What this malware does

The @idms-corp/auth-ui package was published to the npm registry by user 'click2ai' (maintainer email [email protected]) as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization (the @idms-corp organizational scope) so that a misconfigured resolver installs this public lookalike instead of the intended private dependency.

The package declares a preinstall hook ("npm install @sentry/node && node examples/verify.js") that executes automatically at npm install time, before any application code runs. The bundled examples/verify.js initializes the @sentry/node client against a hardcoded, attacker-controlled Sentry DSN with sendDefaultPii enabled, resolves the installing host's public egress IP address by requesting Cloudflare's /cdn-cgi/trace endpoint (using a spoofed desktop-browser User-Agent to bypass bot challenges), then deliberately triggers a runtime exception and captures it. Flushing the event beacons the collected host telemetry (public IP plus Sentry default PII such as hostname, OS username and runtime/environment metadata) to the attacker's Sentry ingest endpoint at o4510485815754752.ingest.us.sentry.io.

Each impersonated namespace in the campaign beacons to a distinct Sentry project ID, letting the operator attribute successful installs to specific victim organizations — behaviour consistent with a dependency-confusion reconnaissance beacon rather than legitimate error monitoring. The install-time payload is byte-for-byte identical across all packages published by this account, differing only in the package name and the target DSN. This package's beacon targets Sentry project 4511630867824640.

The package's preinstall hook executes examples/verify.js, which initializes Sentry against a hardcoded DSN pointing at the author's Sentry project (o4510485815754752.ingest.us.sentry.io/4511630867824640). The script resolves the installer's public IP via Cloudflare's /cdn-cgi/trace, attaches it to the Sentry scope, and triggers a captured exception, causing the installer's public IP plus default Sentry host metadata (hostname, OS, runtime) to be transmitted to the author's endpoint on every npm install. sendDefaultPii is set to true. Additionally, init() falls back to the same hardcoded author DSN when callers do not pass their own, so any consuming application that calls init() without an explicit dsn silently routes its captured exceptions (stack traces, request data, environment context, PII) to the author's Sentry project rather than the caller's. Package metadata further indicates a namespace-squat shape: scope name suggests an internal organization auth/UI component, but the shipped functionality is a thin Sentry wrapper with no auth or UI code, and the README is a 4-line stub with no disclosure of the install-time network activity or the hardcoded DSN fallback.

Malicious versions

2 flagged
0.0.01.0.0

Indicators of compromise (SHA-256)

040edf83c0755508770c960e037626cbd484fdaf2578aad022438762a1fb8008
d0cb0bf81d8c3d114426e2f11d505911497ac5664410f5837dd0bfbb502b6681

Detection & response playbook

Backdoor / remote access
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @idms-corp/auth-ui (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @idms-corp/auth-ui across your stack and pipelines.

  2. If you installed it — respond

    @idms-corp/auth-ui establishes remote access, so treat any host that installed it as fully compromised. Isolate the machine, remove the package, rotate all credentials it could reach, and rebuild from a trusted image rather than cleaning in place — a backdoor may have planted additional persistence.

  3. Did it already run?

    If @idms-corp/auth-ui was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks @idms-corp/auth-ui before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. @idms-corp/auth-ui on npm has been identified as a malicious package (versions 0.0.0, 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-009868IN-MAL-2026-009867

References

Credits

  • Amazon Inspector · finder
  • SafeDep · finder

Detect & block this

O3 blocks @idms-corp/auth-ui-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the C2 callback and severs the channel.